  1. #1
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Sophos Anti-Rootkit

    "Eliminates hidden applications and processes
    Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care. Our free software, Sophos Anti-Rootkit, finds and removes any rootkit that is hidden on your computer."

    I gave this one a whirl. It didn't detect any nasties, but does report the following:
    "Warning: Failed to flush drive .C:. Registry scan may produce invalid results.
    The process cannot access the file because it is being used by another process."

    I don't understand what the convoluted reference is pointing to, or what the diagnostic means. Maybe it needs to be run from a removable boot device, to get full access to "everything"???

    Alan

  2. #2
    Lounger
    Join Date
    Nov 2004
    Location
    San Diego, California, USA
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    Alan,

    This isn't exactly the same message, and I don't know if it's relevant to your set-up, but the following is listed under "Known issues" in the Sophos Anti-Rootkit Read Me:

    * Sophos Anti-Rootkit will work on a Terminal Services or Remote Desktop environment but may produce this warning which can be ignored: 'Unable to flush drive C: (already open by another process)'.

    and

    * If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.

    Perhaps some registry activity while the scan was running generated the message you got?

    I can't report any results. I haven't run it yet, having just downloaded it, as advised at Woody (http://www.askwoody.com/index.php)

  3. #3
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Sophos Anti-Rootkit

    Alan

    I got the same message as you, and it seems to me that it could be treated with "a complete ignoral".

    I also found it objected to:
    Cocuments and Settings<userid>Application DataMozillaFirefoxProfiles<profile>.Commonparent.lock
    but I don't think I am going to worry too much about that!

    Overall I was more impressed with this program than with SysInternals' one (unusually) because it ran considerably faster and the results were less arcane. But then again, and pleasingly, I haven't got any rootkits to test them both on...

    John

    Ita, esto, quidcumque...

  4. #4
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    Thanks Maud. From that, plus what John added, I'll put that message in the "forget it" basket.

    Alan

  5. #5
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    I'd agree with your comparison on both counts. The SysInternals incarnation is/was indeed an arcanation - I never really knew what, if anything, I was being informed about.

    Alan

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Sophos Anti-Rootkit

    I think perhaps the two utilities might work differently. If they both followed the same approach as the SysInternals program -- comparing the results of Windows API calls with data retrieved in a "raw" form to uncover discrepancies -- then the drive access speed should be the limiting factor and both should take about the same amount of time. Maybe Sophos has found a reliable shortcut?
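The cross-view comparison described in this post, as an added example that is not part of the thread or of either tool's code. It compares an API listing with a "raw" listing, then repeats the comparison so that files deleted mid-scan (the false positives mentioned in the Read Me) drop out. All paths are constructed, and the two-pass filter is an assumption about one way to suppress such false positives, not the method either product uses.

```python
# Added illustration: every listing below is constructed; nothing touches a real disk.

def normalize(paths):
    # Windows paths are case-insensitive, so compare a case-folded form.
    return {p.casefold() for p in paths}

def hidden_candidates(api_listing, raw_listing):
    """Names present in the raw parse but absent from the API enumeration."""
    return normalize(raw_listing) - normalize(api_listing)

def classify(pass1, pass2):
    """Each pass is (api_listing, raw_listing).

    Returns (persistent, transient): discrepancies seen in both passes,
    and discrepancies that disappeared by the second pass.
    """
    first = hidden_candidates(*pass1)
    second = hidden_candidates(*pass2)
    return sorted(first & second), sorted(first - second)

# Pass 1: a temp file was deleted between the raw read and the API call,
# so it looks "hidden" even though nothing is concealing it.
PASS1 = (
    [r"C:\WINDOWS\system32\notepad.exe"],
    [r"C:\Windows\System32\notepad.exe",
     r"C:\Temp\~scratch01.tmp",
     r"C:\Windows\System32\drivers\example_hidden.sys"],
)
# Pass 2: the temp file is gone from both views; the concealed file is not.
PASS2 = (
    [r"C:\WINDOWS\system32\notepad.exe"],
    [r"C:\Windows\System32\notepad.exe",
     r"C:\Windows\System32\drivers\example_hidden.sys"],
)

if __name__ == "__main__":
    persistent, transient = classify(PASS1, PASS2)
    print("persistent discrepancies:", persistent)
    print("transient (likely false positives):", transient)
```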

  7. #7
    Star Lounger
    Join Date
    Jul 2006
    Location
    Colorado, USA
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    Interesting part of their license you have to agree to in order to install:

    "12.4 You shall permit Sophos or an independent certified accountant appointed by Sophos access on written notice to Your premises and Your books of account and records at any time during normal business hours for the purpose of inspecting, auditing, verifying or monitoring the manner and performance of Your obligations under this Licence Agreement including without limitation the payment of all applicable licence fees..."

    Especially considering that the download is free.

  8. #8
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Sophos Anti-Rootkit

    I suspect that represents their Standard Terms and Conditions (as you know)...

    Of course if they notify you that they will be "sending the boys round" you can quickly delete the program from your PC!

    John

    Ita, esto, quidcumque...

  9. #9
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    and with their PAID Version at only $595.50 - a bargain ...


    Right
    Scott

  10. #10
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Sophos Anti-Rootkit

    For 25 users...

    John

    Ita, esto, quidcumque...

  11. #11
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    Well, if they can find my "premises and books of account and records", from the information at their disposal, then I salute them and will gladly fork over the free licence fee.

    Alan

  12. #12
    Star Lounger
    Join Date
    Jul 2006
    Location
    Colorado, USA
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    Let's just hope they don't sue for triple damages!

  13. #13
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Sophos Anti-Rootkit

    Being Noble and British, we don't have a legal concept of triple damages!

    John

    Ita, esto, quidcumque...

  14. #14
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    True - Could not find a reference for a single copy in US.

    I admit I have only checked 5 of the website references though
    Scott

  15. #15
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Sophos Anti-Rootkit

    Triple times zero is ?!?!?!?
    I might be able to afford this one
    Scott
